Cisco ASA 5505 User Manual

31-13

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 31 Configuring Twice NAT

Configuring Twice NAT

(continued)

For a PAT pool, you can specify one or more of the
following options:

-- Round robin—The round-robin keyword enables
round-robin address allocation for a PAT pool. Without
round robin, by default all ports for a PAT address will be
allocated before the next PAT address is used. The
round-robin method assigns an address/port from each
PAT address in the pool before returning to use the first
address again, and then the second address, and so on.

-- Extended PAT—(8.4(3) and later, not including 8.5(1)
or 8.6(1)) The extended keyword enables extended PAT.
Extended PAT uses 65535 ports per service, as opposed
to per IP address, by including the destination address
and port in the translation information. Normally, the
destination port and address are not considered when
creating PAT translations, so you are limited to 65535
ports per PAT address. For example, with extended PAT,
you can create a translation of 10.1.1.1:1027 when going
to 192.168.1.7:23 as well as a translation of
10.1.1.1:1027 when going to 192.168.1.7:80.

-- Flat range—(8.4(3) and later, not including 8.5(1) or
8.6(1)) The flat keyword enables use of the entire 1024
to 65535 port range when allocating ports. When
choosing the mapped port number for a translation, the
ASA uses the real source port number if it is available.
However, without this option, if the real port is not
available, by default the mapped ports are chosen from
the same range of ports as the real port number: 1 to 511,
512 to 1023, and 1024 to 65535. To avoid running out of
ports at the low ranges, configure this setting. To use the
entire range of 1 to 65535, also specify the
include-reserve keyword.

(continued)

Command

Purpose